I Have a collelated Alert about critical connections with Firewall as an event source.
I want to make exceptions with pair of values for example
(IP1 with Port1) No alert
(IP2 with Port2) No Alert
(IP3 with Port3) Alert
So i wat to put those pair values (IP1,Port1) and (IP2,Port2) in watch list - or if there another way - and filter my allert about them
Is there any way to make that